
Microsoft has seen a huge increase in the number of attacks targeting the Internet

Microsoft has reported a significant increase in cyberattacks targeting internet-exposed and poorly secured operational technology (OT) devices.

These attacks were particularly focused on water and wastewater systems (WWS) in the United States.

The actors behind these attacks range from state-affiliated groups, such as the IRGC-affiliated “CyberAv3ngers,” to pro-Russian hacktivists.

Vulnerability of OT systems

OT systems control physical, real-world processes and are found across many industries, from building HVAC systems to water utilities and power plants.

These systems manage important parameters such as speed and temperature in industrial processes.

An attacker who compromises an OT system can take control of these parameters, potentially causing equipment failure or a complete shutdown of the process.

According to Microsoft, many OT devices are connected directly to the Internet, which makes them easy for attackers to find with Internet scanning tools.

Weak security configurations, such as default or weak passwords and outdated firmware with known vulnerabilities, increase the risk further.

How attractive OT systems are, and how easily weak configurations can be exploited, was demonstrated during the Israel-Hamas war, when several OT-focused actors broadcast their attacks on Israeli companies via Telegram channels.


High-profile case: attack on the Aliquippa water authority

In November 2023, a high-profile cyberattack targeted the Municipal Water Authority of Aliquippa, Pennsylvania.

The attack, attributed to the IRGC-affiliated “CyberAv3ngers,” caused a pressure-regulating pump to fail and defaced the compromised device with the attackers’ logo.

The U.S. Department of the Treasury later sanctioned officials of the Islamic Revolutionary Guard Corps Cyber-Electronic Command (IRGC-CEC) over the attack.

The Aliquippa Municipal Water Authority released a photo of the affected Unitronics PLC to the media.

The incident in Aliquippa is part of a broader trend of attacks on OT systems.

The Cybersecurity and Infrastructure Security Agency (CISA) published advisories in December 2023 and May 2024 that describe a common profile of the targeted OT systems: devices reachable from the Internet and protected only by weak or default login credentials.

The advisories underline the need for stronger security measures to defend against similar attacks.

(Figure: Statistics of vulnerable devices in the client’s industrial network.)

To reduce the risk of cyberattacks on OT systems, Microsoft recommends the following measures:

  1. Use comprehensive security solutions: Deploy solutions like Microsoft Defender for IoT to monitor and protect OT devices.
  2. Enable vulnerability assessment: Identify unpatched devices and prioritize their patching with tools like Microsoft Defender Vulnerability Management.
  3. Reduce the attack surface: Eliminate unnecessary internet connections to OT devices and close unnecessary open ports.
  4. Implement zero trust practices: Apply network segmentation to prevent lateral movement of attackers and isolate OT devices from the IT network.
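Recommendations 3 and 4 come down to one question a practitioner can actually answer from data: does any path exist from outside the organisation into the OT segment, and is it landing on an industrial protocol port? The script below is an added example, not code from Microsoft or the original article. It audits a constructed firewall connection log (the `key=value` format, the address ranges, and the sample lines are all assumptions made for illustration) and flags internet-to-OT connections, grading an allowed connection to a PLC protocol port as critical, any other allowed external path into the OT segment as high, and a blocked probe of a PLC port as scanner activity worth noting. The port list uses the vendor/IANA defaults for common industrial protocols.

```python
"""
Added example: audit a firewall connection log for internet -> OT exposure.
Log format, address ranges and sample lines are constructed for illustration;
they are not from Microsoft's report.
"""
import ipaddress

# Address space the organisation controls (assumed: RFC 1918). Anything
# outside it is treated as "external" for the audit.
INTERNAL_RANGES = [ipaddress.ip_network(n) for n in
                   ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# The OT / control-system segment (assumed placement inside 10.0.0.0/8).
OT_SEGMENTS = [ipaddress.ip_network("10.20.0.0/16")]

# Default TCP/UDP ports of common industrial protocols (vendor/IANA defaults).
OT_PORTS = {
    102: "Siemens S7 (ISO-TSAP)",
    502: "Modbus/TCP",
    20000: "DNP3",
    20256: "Unitronics PCOM",
    44818: "EtherNet/IP",
    47808: "BACnet/IP",
}

# Constructed sample log lines; documentation-range addresses (RFC 5737)
# stand in for real internet sources.
SAMPLE_LOG = """\
ts=2024-05-16T03:12:07Z action=allow proto=tcp src=203.0.113.45 sport=51002 dst=10.20.5.10 dport=20256
ts=2024-05-16T03:12:09Z action=allow proto=tcp src=10.10.1.5 sport=40000 dst=10.20.5.10 dport=502
ts=2024-05-16T03:13:11Z action=deny proto=tcp src=198.51.100.7 sport=61010 dst=10.20.5.11 dport=502
ts=2024-05-16T03:14:02Z action=allow proto=tcp src=203.0.113.45 sport=51003 dst=10.20.5.12 dport=443
ts=2024-05-16T03:15:44Z action=allow proto=udp src=192.0.2.200 sport=40001 dst=10.20.9.3 dport=47808
"""


def parse_line(line):
    """Parse one 'key=value' log line into a dict with integer ports."""
    fields = dict(kv.split("=", 1) for kv in line.split())
    fields["sport"] = int(fields["sport"])
    fields["dport"] = int(fields["dport"])
    return fields


def _in_any(ip_str, networks):
    ip = ipaddress.ip_address(ip_str)
    return any(ip in net for net in networks)


def is_external(ip_str):
    """True if the address is outside the organisation's own ranges."""
    return not _in_any(ip_str, INTERNAL_RANGES)


def in_ot_segment(ip_str):
    return _in_any(ip_str, OT_SEGMENTS)


def classify(event):
    """Return (severity, reason) for an external -> OT event, else None."""
    if not (is_external(event["src"]) and in_ot_segment(event["dst"])):
        return None
    proto = OT_PORTS.get(event["dport"])
    allowed = event["action"] == "allow"
    if allowed and proto:
        return "CRITICAL", f"{proto} on {event['dst']} reachable from the internet"
    if allowed:
        return "HIGH", f"external path into OT segment on port {event['dport']}"
    if proto:
        return "INFO", f"blocked probe for {proto} (scanner activity)"
    return None


def audit(log_text):
    """Run the audit over a whole log and return a list of finding dicts."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = parse_line(line)
        verdict = classify(event)
        if verdict is None:
            continue
        severity, reason = verdict
        findings.append({"ts": event["ts"], "severity": severity,
                         "src": event["src"], "dst": event["dst"],
                         "dport": event["dport"], "reason": reason})
    return findings


def exposed_ot_hosts(findings):
    """Distinct OT hosts with an allowed, internet-reachable OT service."""
    return sorted({f["dst"] for f in findings if f["severity"] == "CRITICAL"})


if __name__ == "__main__":
    results = audit(SAMPLE_LOG)
    for f in results:
        print(f"{f['severity']:8} {f['ts']} {f['src']} -> {f['dst']}:{f['dport']}  {f['reason']}")
    print("Internet-exposed OT hosts:", exposed_ot_hosts(results))
```

On the sample log this reports two critical findings (a PLC's PCOM port and a BACnet controller answering to internet sources), one high finding (an allowed external connection to an OT host on 443, a path that should not exist under a segmented design even if it is not a PLC protocol), and one blocked Modbus probe. The internal-to-OT Modbus connection is deliberately ignored: it is the segmentation policy itself, not the log reader, that decides whether IT hosts may talk Modbus to the OT segment, and that policy is the place to tighten next.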

The surge in cyberattacks on OT devices highlights the urgent need to improve security measures.

Organizations must adopt comprehensive security solutions, conduct regular vulnerability assessments, and implement best practices to protect their critical infrastructure from cyber threats.
